CLAIMS 



1. One or more computer-readable media having stored thereon a 
computer program that, when executed by one or more processors of a node in a 
co-location facility, causes the one or more processors to perform acts including: 

beginning and terminating execution of components on the node in 
response to received commands; and 

restricting which other nodes in the co-location facility components that are 
executing on the node can receive data from and send data to. 

2. One or more computer-readable media as recited in claim 1, wherein 
a plurality of management devices share management responsibility for the node, 
and wherein beginning and terminating execution of components on the node is 
restricted to only one of the plurality of management devices at a time. 

3. One or more computer-readable media as recited in claim 1, wherein 
the restricting comprises: 

checking whether it is permissible to forward received data to its intended 
target; and 

forwarding the received data to its intended target only if it is permissible to
do so.

4. One or more computer-readable media as recited in claim 3, wherein 
the intended target comprises another node in the co-location facility. 

5. One or more computer-readable media as recited in claim 3, wherein
the intended target comprises at least one of the components executing on the 
node. 

6. One or more computer-readable media as recited in claim 1, wherein 
the beginning and terminating execution of components comprises beginning and
terminating execution of the components based on commands received from an
operations console at a location remote from the co-location facility. 

7. One or more computer-readable media as recited in claim 1, wherein 
one of the components comprises an operating system. 

8. A system comprising: 

a plurality of node clusters, each node cluster including a plurality of nodes;
and

wherein each individual node includes a controller to enforce restrictions on 
which other nodes the individual node can receive data from and which other 
nodes the individual node can send data to. 

9. A system as recited in claim 8, wherein each individual node further
includes a plurality of filters that identify the restrictions. 

10. A system as recited in claim 8, wherein the restrictions prevent the
individual node from sending data to or receiving data from another node that is 
not in the same node cluster as the individual node. 

11. A system as recited in claim 8, wherein each individual node 
includes a network interface adapter that includes the controller. 

12. A system as recited in claim 8, wherein for each of the plurality of
nodes:

a plurality of management devices share management responsibility for the 
node; and 

one of the plurality of management devices is given an extended set of
management rights over the node, and the remaining management devices are given
a more restricted set of management rights over the node.

13. A system as recited in claim 8, wherein the controller in each node 
is further to terminate and initiate execution of applications on the node in
response to requests from an external management device. 

14. A system as recited in claim 8, wherein the plurality of node clusters 
are included in a co-location facility. 

15. A method comprising: 

receiving, at a node in a co-location facility, a first request from a first 
control console that is local to the co-location facility; 



Lee & Hayes, PLLC 



40 



MS1'548US.PA T.APP.DOC 



implementing the first request; 

receiving, at the node, a second request from a second control console that 
is remote from the co-location facility; and

implementing the second request.

16. A method as recited in claim 15, wherein the first request comprises 
hardware operation oriented commands. 

17. A method as recited in claim 15, wherein the second request 
comprises software application control oriented commands. 

18. A method as recited in claim 15, wherein the first request 
corresponds to one of a first set of rights that are granted to the first control 
console, wherein the second request corresponds to one of a second set of rights 
that are granted to the second control console, and wherein the first set of rights is 
more restricted than the second set of rights. 

19. One or more computer-readable memories containing a computer 
program that is executable by a processor to perform the method recited in claim 
15. 

20. One or more computer-readable media having stored thereon a
computer program that, when executed by one or more processors of a node in a
facility, causes the one or more processors to perform acts including:

establishing a boundary of a server cluster in the facility, wherein the server 
cluster includes the node; and 

altering the boundary of the server cluster based on commands received 
from a console outside the server cluster. 

21. One or more computer-readable media as recited in claim 20, 
wherein the establishing comprises including a filter that restricts access to another 
node that is in the facility but that is not in the server cluster. 

22. One or more computer-readable media as recited in claim 20, 
wherein the establishing comprises generating a plurality of filters identifying only 
other nodes in the server cluster as being permissible to access. 

23. One or more computer-readable media as recited in claim 20, 
wherein the computer program, when executed, further causes the one or more 
processors to perform acts including executing a software engine in response to a 
command received from the console. 

24. One or more computer-readable media as recited in claim 20,
wherein the computer program, when executed, further causes the one or more 
processors to perform acts including terminating execution of a software engine in 
response to a command received from the console. 

25. One or more computer-readable media as recited in claim 20,
wherein the facility comprises a co-location facility. 

26. A system comprising:

an interface allowing management devices corresponding to a plurality of 
management agents responsible for managing the system to access the system; and 

a controller to operate as a trusted third party mediating interaction among 
the plurality of management agents by assigning each of the plurality of 
management agents to a different one of a plurality of ownership domains and 
restricting the rights of each ownership domain in the system. 

27. A system as recited in claim 26, wherein the controller is further to
terminate execution of a software engine in the system in response to a request 
from a management device corresponding to one of the plurality of management 
agents. 

28. A system as recited in claim 26, wherein the controller is further to
initiate execution of a software engine in the system in response to a request from 
a management device corresponding to one of the plurality of management agents. 






29. A system as recited in claim 26, wherein one of the plurality of
ownership domains is a top-level ownership domain having a first set of rights, 
and wherein each of the other ownership domains in the plurality of ownership 
domains has a second set of rights. 

30. A system as recited in claim 29, wherein the second set of rights is 
more restrictive than the first set of rights. 

31. A system as recited in claim 29, wherein the first set of rights 
includes: the right to create new ownership domains, the right to access system 
memory, the right to access a mass storage device of the system, the right to 
modify filters in the system, the right to start execution of software engines in the 
system, the right to stop execution of software engines in the system, the right to 
debug software engines in the system, the right to change authentication 
credentials for the ownership domain, the right to modify a storage key for the 
ownership domain, and the right to subscribe to events engine events, machine 
events, and packet filter events at the system. 

32. A system as recited in claim 29, wherein the second set of rights 
includes: the right to revoke an existing ownership domain, the right to modify 
filters in the system, the right to change authentication credentials for the 
ownership domain, and the right to subscribe to machine events and packet filter 
events at the system. 

33. A system as recited in claim 29, wherein the first set of rights
includes: the right to create new ownership domains, the right to access system 
memory, the right to access a mass storage device of the system, and the right to 
modify filters in the system. 

34. A system as recited in claim 29, wherein the second set of rights 
includes: the right to revoke an existing ownership domain and the right to modify 
filters in the system, including the right to add a filter that cannot be subverted by 
a management agent assigned to the top-level ownership domain. 

35. A system as recited in claim 29, wherein the controller allows a 
device corresponding to any one of the other ownership domains to revoke the 
top-level ownership domain, and wherein the controller erases a system memory 
during the revocation process. 

36. A system as recited in claim 26, wherein only one of the plurality of 
management agents can correspond to a top-level ownership domain at a time, and 
wherein any of the other management agents can revoke the top-level ownership 
domain. 

37. A system as recited in claim 26, wherein only one of the plurality of
management agents can correspond to a top-level ownership domain at a time, and 
wherein the one management agent can create a new ownership domain for a new 
management agent, and wherein the new ownership domain becomes the new
top-level ownership domain.

38. A system as recited in claim 26, wherein only one of the plurality of 
management agents can correspond to a top-level ownership domain at a time, 
wherein which of the plurality of management agents corresponds to the top-level 
ownership domain at any given time can vary over time, and wherein the 
controller erases a system memory each time a change occurs in which of the 
plurality of management agents corresponds to the top-level ownership domain. 

39. A system as recited in claim 26, wherein the system comprises a 
node in a co-location facility. 

40. A method comprising: 

associating each of a plurality of management agents with one of a plurality 
of ownership domains, wherein each of the plurality of management agents is 
responsible for managing at least a portion of a computer and is external to the 
computer; 

allowing only one of the plurality of management agents to have an 
extended set of rights to the computer at a time, and assigning the remaining 
management devices a more limited set of rights; and 

restricting which requests from management devices corresponding to the
plurality of management agents are carried out based at least in part on the rights 
of the management agent. 

41. A method as recited in claim 40, where each of the plurality of 
management agents corresponds to one or more management devices that are 
coupled to the computer. 

42. A method as recited in claim 40, wherein the extended set of rights 
includes: the right to create new ownership domains, the right to access system 
memory, the right to access a mass storage device of the system, the right to 
modify filters in the system, the right to start execution of software engines in the 
system, the right to stop execution of software engines in the system, the right to 
debug software engines in the system, the right to change authentication 
credentials for the ownership domain, the right to modify a storage key for the 
ownership domain, and the right to subscribe to events engine events, machine 
events, and packet filter events at the system. 

43. A method as recited in claim 40, wherein the more limited set of 
rights includes: the right to revoke an existing ownership domain, the right to 
modify filters in the system, the right to change authentication credentials for the 
ownership domain, and the right to subscribe to machine events and packet filter 
events at the system. 

44. A method as recited in claim 40, wherein the extended set of rights
includes: the right to create new ownership domains, the right to access system 
memory, the right to access a mass storage device of the system, and the right to 
modify filters in the system. 

45. A method as recited in claim 40, wherein the more limited set of 
rights includes: the right to revoke an existing ownership domain and the right to 
modify filters in the system, including the right to add a filter that cannot be 
subverted by a management agent assigned to the top-level ownership domain. 

46. A method as recited in claim 40, wherein the one management agent 
corresponds to a top-level ownership domain, and wherein any of the other 
management agents can revoke the rights of the one management agent. 

47. A method as recited in claim 40, further comprising: 

assigning, by the one management agent having the extended set of rights, 
the extended set of rights to a new management agent; 

assigning the one management agent to having the more limited set of
rights.

48. A method as recited in claim 40, further comprising: 

allowing which of the plurality of management agents has the extended set 
of rights to change over time; and 

erasing a system memory each time a change occurs in which of the 
plurality of management agents has the extended set of rights. 

49. A method as recited in claim 40, further comprising terminating
execution of a software engine in the computer in response to a request from a
management device corresponding to the one management agent having the extended
set of rights.

50. A method as recited in claim 40, further comprising initiating 
execution of a software engine in the computer in response to a request from a 
management device corresponding to the one management agent having the extended
set of rights. 

51. A method as recited in claim 40, wherein the computer comprises a 
node in a co-location facility. 

52. One or more computer-readable memories containing a computer 
program that is executable by a processor to perform the method recited in claim 
40. 
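
Added illustration (not part of the claims and not the applicant's implementation): a minimal model of the controller of claims 26 to 38 and the method of claims 40 to 48, showing one top-level ownership domain at a time, rights-based rejection of requests, and memory erasure whenever the top-level domain changes. The class and right names, the agent names, the stack ordering of domains, and the rule that revocation returns top-level status to the domain beneath are assumptions of this example.

```python
from enum import Flag, auto

class Right(Flag):                      # subset of the rights named in claims 31-34
    CREATE_DOMAIN = auto()
    REVOKE_DOMAIN = auto()
    ACCESS_MEMORY = auto()
    MODIFY_FILTERS = auto()
    START_ENGINE = auto()

EXTENDED = (Right.CREATE_DOMAIN | Right.ACCESS_MEMORY
            | Right.MODIFY_FILTERS | Right.START_ENGINE)
LIMITED = Right.REVOKE_DOMAIN | Right.MODIFY_FILTERS

class Controller:
    """Trusted third party between management agents (hypothetical model)."""
    def __init__(self, first_agent, mem_size=8):
        self.domains = [first_agent]    # stack; last entry is the top-level domain
        self.memory = bytearray(mem_size)
        self.engines = set()

    def rights(self, agent):
        if agent not in self.domains:
            return Right(0)             # revoked or unknown agent: no rights
        return EXTENDED if agent == self.domains[-1] else LIMITED

    def _erase(self):                   # wipe state on every change of top-level owner
        self.memory[:] = bytes(len(self.memory))
        self.engines.clear()

    def request(self, agent, right, arg=None):
        if right not in self.rights(agent):
            return False                # request is not carried out
        if right == Right.CREATE_DOMAIN:      # new domain becomes top-level
            self.domains.append(arg)
            self._erase()
        elif right == Right.REVOKE_DOMAIN:    # a lower domain revokes the top-level one
            self.domains.pop()
            self._erase()
        elif right == Right.ACCESS_MEMORY:    # modelled here as a write of arg
            self.memory[:len(arg)] = arg
        elif right == Right.START_ENGINE:
            self.engines.add(arg)
        return True

def demo():
    c = Controller("facility-operator")         # constructed agent names
    c.request("facility-operator", Right.CREATE_DOMAIN, "tenant")
    c.request("tenant", Right.ACCESS_MEMORY, b"secret")
    c.request("tenant", Right.START_ENGINE, "web")
    snooped = c.request("facility-operator", Right.ACCESS_MEMORY, b"x")
    revoked = c.request("facility-operator", Right.REVOKE_DOMAIN)
    return snooped, revoked, bytes(c.memory), c.engines, c.rights("tenant")
```

In `demo()` the lower-level agent is refused memory access while the tenant holds the top-level domain, and can regain control only through revocation, which erases the tenant's memory contents and engines first.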